WatchGuard Technologies Firebox X Log File Names and Locations, Starting LogViewer

Log File Names and Locations

38 WatchGuard System Manager

Alarm log messages are sent when an event occurs that triggers the Firebox to do a command. When the

alarm condition is matched, the Firebox sends an Alarm log message to the Traffic Monitor and log server

and then it does the specified action.

You can set some alarm log messages. For example, you can use Policy Ma nager to configure an alarm to

occur when a specified value matches or is more th an a threshold. Other alarm log messages are set by the

appliance software, and you cannot change the value. For exampl e, the Firebox sends an alarm log mes-

sage when a network c onnection on one of the Firebox interfaces fails o r when a Denial of Service attack

occurs. For more information about alarm log messages, see the Referenc e Guid

There are eight categories of alarm log messages: System, IPS, AV, Policy, Proxy, Counter, Denial of Ser-

vice, and Traffic. The Firebox does not send more than 10 alarms in 15 minutes for the same conditions.

The Firebox sends an event log me ssages because of user activity. Actions that ca n cause the Firebox to

send an event log message include:

• Firebox start up and shut down

• Firebox and VPN authentication

• Process start up and shut down

• Problems with the Firebox hardware components

• Any task done by the Firebox administrator

Diagnostic log messages include information that you can use to help troubleshoot problems. There are

27 different product components that can send diagnostic log messages. Using Policy Manager, you can

select the level of diagnosti c log messages to see in your Traffic Monit or or write your log file. For infor-

mation on how to do th is, see the

for your appliance software.

Log File Names and Locations

The Firebox® sends log messages to a primary or backup Log Server. The default location for the log file

is path: My Document s\My WatchGuard\Shared W atchGuard\logs.

The name of the log file shows:

• If t he Firebox has a name, the format of the log file name is FireboxName-date.wgl.xml.

• If the Firebox does not ha ve a name, the name of the log files is FireboxIP-date.wgl.xml.

Starting LogViewer

LogViewer is the WatchG uard® System Manager tool you use to s ee the log file data. It can show th e log

data page by page, or search and display by key words or specified log fields. The LogViewer tool is the

same for Fireware and WFS a ppliance software. There are sma ll differences between the tw o appliance